Risk of Russian cyber attack ‘heightened’
02 March 2022
A security expert has warned of a heightened risk to construction businesses of cyber attacks from Russia.
Mike Wills, director of strategy and policy at data security firm CSS Assure, said there is a “significant risk that Russia may seek to create instability within western countries…as a means to distract focus and attention away from the situation in Ukraine and onto closer, acute problems at home”.
He listed utilities, water, transport, infrastructure and supply chains among the sectors at greatest risk of cyber attack, but said, “Critical national infrastructure should be relatively hardened to attacks and they will, more than ever, be at a heightened state of vigilance”.
He added, however, that, “The attackers know this and…may be looking to find less obvious routes to target these institutions – potentially through suppliers, which are typically easier to hack.”
Attacks on the websites of Ukrainian banking and government establishments were reported shortly before the Russian military onslaught in Ukraine began. The US and UK governments attributed these attacks to Russian hackers.
Protecting against a cyber attack
Mike Wills said, “No business will want the association or ignominy of being the weakest link. While a security programme cannot be established overnight, the best time to start is today. In the interim, heightened vigilance and discipline is critical to defending against a cyber attack.
“At minimum, businesses should consider resetting passwords in case they have already been breached and are enabling access to web portals and email accounts, as well as remind employees to think twice before opening or clicking links on any suspicious emails.
“Multi-factor authentication – which requires users to provide two or more verification factors to gain access to a resource – should be implemented wherever possible, and software upgrades and patches should be up to date.
“Businesses should also dust off, review and rehearse incident respond plans so they know how to react swiftly to any attack and are able to minimise its potential scope and scale. Finally, ensure all critical information is backed-up off network in case of a ransomware attack.”